Malware analysis and digital forensic analysis are processes that often need the analyst to look into system memory. In this regard, a good analyst must have at least a basic knowledge of Windows Memory Management.
Some months ago I wrote a brief post about code injection on Windows using Python. Some readers asked me if the code proposed in the post (which calls standard Windows APIs) is portable to other languages.
How can attackers exploit Group Policy Preferences files in order to discover passwords?
And how can SysAdmins mitigate this vulnerability?
Microsoft provides Shims to developers mainly for backward compatibility, but malware can take advantage of shims to target an executable for both persistence and injection.
Rootkits are tools and techniques used to hide malicious modules so that they are not noticed by system monitoring.